xref: /netbsd-src/share/man/man9/genfs.9 (revision 2fe22866e0e468fec24e50c29322227a17c951be) 
1.\" $NetBSD: genfs.9,v 1.8 2022/01/17 22:27:20 wiz Exp $
2.\"
3.\" Copyright 2012 Elad Efrat <elad@NetBSD.org>
4.\" All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\"    notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\"    notice, this list of conditions and the following disclaimer in the
13.\"    documentation and/or other materials provided with the distribution.
14.\" 3. The name of the author may not be used to endorse or promote products
15.\"    derived from this software without specific prior written permission.
16.\"
17.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
18.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
19.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
20.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
21.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
22.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27.\" POSSIBILITY OF SUCH DAMAGE.
28.\"
29.Dd January 17, 2022
30.Dt GENFS 9
31.Os
32.Sh NAME
33.Nm genfs
34.Nd genfs routines
35.Sh SYNOPSIS
36.In miscfs/genfs/genfs.h
37.Ft int
38.Fn genfs_can_chflags "vnode_t *vp" kauth_cred_t cred" "uid_t owner_uid" \
39"bool changing_sysflags"
40.Ft int
41.Fn genfs_can_chmod "vnode_t *vp" "kauth_cred_t cred" "uid_t cur_uid" \
42"gid_t cur_gid" "mode_t new_mode"
43.Ft int
44.Fn genfs_can_chown "vnode_t *vp" "kauth_cred_t cred" "uid_t cur_uid" \
45    "gid_t cur_gid" "uid_t new_uid" "gid_t new_gid"
46.Ft int
47.Fn genfs_can_chtimes "vnode_t *vp" "kauth_cred_t cred" "uid_t owner_uid" \
48"u_int vaflags"
49.Ft int
50.Fn genfs_can_extattr "vnode_t *vp" "kauth_cred_t cred" "accmode_t accmode" \
51"int attrnamespace"
52.Ft int
53.Fn genfs_can_sticky "vnode_t *vp" "kauth_cred_t cred" "uid_t dir_uid" \
54    "uid_t file_uid"
55.Sh DESCRIPTION
56The functions documented here are general routines for internal use in
57file systems to implement common policies for performing various operations.
58The developer must understand that these routines implement no system-wide
59policies and only take into account the object being accessed and the
60nominal values of the credentials accessing it.
61.Pp
62In other words, these functions are not meant to be called directly.
63They are intended to be used in
64.Xr kauth 9
65vnode scope authorization calls, for providing the fall-back file system
66decision.
67.Pp
68As a rule of thumb, code that looks like this is wrong:
69.Bd -literal -offset indent
70error = genfs_can_foo(...); /* WRONG */
71.Ed
72.Pp
73While code that looks like this is right:
74.Bd -literal -offset indent
75error = kauth_authorize_vnode(..., genfs_can_foo(...));
76.Ed
77.Sh FUNCTIONS
78.Bl -tag -width compact
79.It Fn genfs_can_chflags "vnode_t *vp" "kauth_cred_t cred"
80"uid_t owner_uid" "bool changing_sysflags"
81Implements
82.Xr chflags 2
83policy.
84.It Fn genfs_can_chmod "vnode_t *vp" "kauth_cred_t cred" "uid_t cur_uid" \
85"gid_t cur_gid" "mode_t new_mode"
86Implements
87.Xr chmod 2
88policy.
89.It Fn genfs_can_chown "vnode_t *vp" "kauth_cred_t cred" "uid_t cur_uid" \
90"gid_t cur_gid" "uid_t new_uid" "gid_t new_gid"
91Implements
92.Xr chown 2
93policy.
94.It Fn genfs_can_chtimes "vnode_t *vp" "kauth_cred_t cred" "uid_t owner_uid" \
95"u_int vaflags"
96Implements
97.Xr utimes 2
98policy.
99.It Fn genfs_can_extattr "vnode_t *vp" "kauth_cred_t cred" "accmode_t accmode" \
100"int attrnamespace"
101Implements extended attributes access policy.
102.It Fn genfs_can_sticky "vnode_t *vp" "kauth_cred_t cred" "uid_t dir_uid" \
103"uid_t file_uid"
104Implements rename and delete policy from sticky directories.
105.El
106.Sh SEE ALSO
107.Xr genfs_can_access 9 ,
108.Xr genfs_can_access_acl_nfs4 9 ,
109.Xr genfs_can_access_acl_posix1e 9 ,
110.Xr genfs_rename 9 ,
111.Xr kauth 9
112.Sh AUTHORS
113.An Elad Efrat Aq Mt elad@NetBSD.org
114wrote this manual page.
115